Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:03-06-2016 Uruchomiony przez Karol (2016-06-04 14:49:01) Run:2 Uruchomiony z C:\Users\Karol\Downloads Załadowane profile: Karol (Dostępne profile: Karol) Tryb startu: Normal ============================================== fixlist - zawartość: ***************** CloseProcesses: CreateRestorePoint: S2 Afict; "C:\Users\Karol\AppData\Roaming\Nudnum\Nudnum.exe" -cms [X] S2 backlh; C:\ProgramData\Logic Handler\set.exe [X] S2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a S2 cobycekozbt; C:\Program Files (x86)\46313030-1464376569-3142-3230-3139FFFFFFFF\knsm18A8.tmpfs [X] S2 dowidoly; Brak ImagePath S2 Ikermuze; "C:\Users\Karol\AppData\Roaming\JatwOjeura\Siynfunf.exe" -cms [X] S2 Quoteex; C:\ProgramData\\Quoteex\\Quoteex.exe shuz -f "C:\ProgramData\\Quoteex\\Quoteex.dat" -l -a S2 rijufoze; C:\Program Files (x86)\46313030-1464376569-3142-3230-3139FFFFFFFF\hnsc4896.tmp [X] S2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe -s [X] R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [82240 2016-05-28] (Cherimoya Ltd) S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [54904 2016-05-27] (????) 
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X] S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUdisk64.sys [X] S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\softaal64.sys [X] S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [X] S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TsNetHlpX64.sys [X] HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service" HKLM-x32\...\Run: [svchost.exe -start] => C:\ProgramData\svchost.exe -start HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun AppInit_DLLs: C:\ProgramData\Quoteex\Zathsoft.dll => Brak pliku AppInit_DLLs-x32: C:\ProgramData\Quoteex\HomeTontough.dll => Brak pliku Tcpip\..\Interfaces\{549DF18E-551F-403C-BCE2-9FA15230C1D2}: [NameServer] 104.197.191.4 Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4 HKU\S-1-5-21-1544065239-652640673-2946235325-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYu6aEhdAQJAr6KR-UDqFZpQuTFuLw5jK08HKqTPVNZGhjy7WlPsBwQAZxBxCt_IklVdBQgEFpU9AiczlF_ZQMnuA3rTrVH6MciT8yqy1UxAkCeXwr_shxMSSwFsB6TWqTTs_9lqfWraMAEBfglef8Ad861Og,,&q={searchTerms} HKU\S-1-5-21-1544065239-652640673-2946235325-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYu6aEhdAQJAr6KR-UDqFZpQuTFuLw5jK08HKqTPVNZGhjy7WlPsBwQAZxBxCt_IklZe2utCraANmceghWX9XI4m8ZGnnTO5ki8GTH6YAJvEwQNlQjceRUYEgfZ1JHk6huAUllCpDVzBAJmpSHvi6QtrE1o0Q,, HKU\S-1-5-21-1544065239-652640673-2946235325-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = 
hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYu6aEhdAQJAr6KR-UDqFZpQuTFuLw5jK08HKqTPVNZGhjy7WlPsBwQAZxBxCt_IklVdBQgEFpU9AiczlF_ZQMnuA3rTrVH6MciT8yqy1UxAkCeXwr_shxMSSwFsB6TWqTTs_9lqfWraMAEBfglef8Ad861Og,,&q={searchTerms} HKU\S-1-5-21-1544065239-652640673-2946235325-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYu6aEhdAQJAr6KR-UDqFZpQuTFuLw5jK08HKqTPVNZGhjy7WlPsBwQAZxBxCt_IklVdBQgEFpU9AiczlF_ZQMnuA3rTrVH6MciT8yqy1UxAkCeXwr_shxMSSwFsB6TWqTTs_9lqfWraMAEBfglef8Ad861Og,,&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYu6aEhdAQJAr6KR-UDqFZpQuTFuLw5jK08HKqTPVNZGhjy7WlPsBwQAZxBxCt_IklVdBQgEFpU9AiczlF_ZQMnuA3rTrVH6MciT8yqy1UxAkCeXwr_shxMSSwFsB6TWqTTs_9lqfWraMAEBfglef8Ad861Og,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-1544065239-652640673-2946235325-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYu6aEhdAQJAr6KR-UDqFZpQuTFuLw5jK08HKqTPVNZGhjy7WlPsBwQAZxBxCt_IklVdBQgEFpU9AiczlF_ZQMnuA3rTrVH6MciT8yqy1UxAkCeXwr_shxMSSwFsB6TWqTTs_9lqfWraMAEBfglef8Ad861Og,,&q={searchTerms} SearchScopes: HKU\S-1-5-21-1544065239-652640673-2946235325-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYu6aEhdAQJAr6KR-UDqFZpQuTFuLw5jK08HKqTPVNZGhjy7WlPsBwQAZxBxCt_IklVdBQgEFpU9AiczlF_ZQMnuA3rTrVH6MciT8yqy1UxAkCeXwr_shxMSSwFsB6TWqTTs_9lqfWraMAEBfglef8Ad861Og,,&q={searchTerms} CHR HomePage: Default -> 
hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYu6aEhdAQJAr6KR-UDqFZpQuTFuLw5jK08HKqTPVNZGhjy7WlPsBwQAZxBxCt_IklVb5P14roTCx8DakOP-yuMHB2bw9fcSQvlq0PEUi886yUi3RLZxleEBahsRhL7RMvD0x3IBuV7UkFlG0jza4EXoRdAqg,, CHR HKU\S-1-5-21-1544065239-652640673-2946235325-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP% ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF% ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF% DeleteKey: HKCU\Software\Mozilla\Firefox\Extensions DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AvgUi DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DIMDownloading your update...1300677038363 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\MediaShield C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\Panel sterowania NVIDIA C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SubtitleCreator C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???? 
C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subtitle Workshop\Help C:\Users\Karol\Documents\Corel\CorelDRAW X5 Samples\target.lnk C:\Users\Public\Thunder Network C:\Windows\chromebrowser.exe C:\Windows\system32\ghn C:\Windows\SysWOW64\Number of results C:\Windows\system32\Drivers\etc\hp.bak C:\Windows\system32\Drivers\cherimoya.sys C:\Windows\system32\Drivers\TFsFltX64.sys C:\Windows\system32\Drivers\TSSKX64.sys C:\Windows\SysWOW64\findit.xml C:\Windows\SysWOW64\Drivers\TS888x64.sys CMD: ipconfig /flushdns CMD: netsh advfirewall reset Hosts: EmptyTemp: ***************** Procesy zostały pomyślnie zamknięte. Punkt przywracania został pomyślnie utworzony. Afict => serwis pomyślnie usunięto backlh => serwis pomyślnie usunięto CloudPrinter => serwis pomyślnie usunięto cobycekozbt => serwis pomyślnie usunięto dowidoly => serwis pomyślnie usunięto Ikermuze => serwis pomyślnie usunięto Quoteex => serwis pomyślnie usunięto rijufoze => serwis pomyślnie usunięto SSFK => serwis pomyślnie usunięto cherimoya => Nie można zatrzymać usługi. cherimoya => serwis pomyślnie usunięto TSSKX64 => serwis pomyślnie usunięto MPCKpt => serwis pomyślnie usunięto QMUdisk => serwis pomyślnie usunięto softaal => serwis pomyślnie usunięto SRepairDrv => serwis pomyślnie usunięto tsnethlpx64 => serwis pomyślnie usunięto "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP" => klucz pomyślnie usunięto "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP" => klucz pomyślnie usunięto HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svchost.exe -start => Wartość pomyślnie usunięto HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar => Wartość pomyślnie usunięto HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar => Wartość pomyślnie usunięto "C:\ProgramData\Quoteex\Zathsoft.dll" => Dane wartości pomyślnie usunięto. 
"C:\ProgramData\Quoteex\HomeTontough.dll" => Dane wartości pomyślnie usunięto. HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{549DF18E-551F-403C-BCE2-9FA15230C1D2}\\NameServer => Wartość pomyślnie usunięto HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\\NameServer => Wartość pomyślnie usunięto HKU\S-1-5-21-1544065239-652640673-2946235325-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-1544065239-652640673-2946235325-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Wartość pomyślnie przywrócono HKU\S-1-5-21-1544065239-652640673-2946235325-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => Wartość pomyślnie usunięto HKU\S-1-5-21-1544065239-652640673-2946235325-1000\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => Wartość pomyślnie usunięto HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie przywrócono "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => klucz pomyślnie usunięto HKCR\Wow6432Node\CLSID\ielnksrch => klucz nie znaleziono. HKU\S-1-5-21-1544065239-652640673-2946235325-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wartość pomyślnie usunięto "HKU\S-1-5-21-1544065239-652640673-2946235325-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => klucz pomyślnie usunięto HKCR\CLSID\{ielnksrch} => klucz nie znaleziono. Chrome HomePage => pomyślnie usunięto HKU\S-1-5-21-1544065239-652640673-2946235325-1000\SOFTWARE\Google\Chrome\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo => klucz nie znaleziono. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Skrót - argument pomyślnie usunięto. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto. 
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Skrót - argument pomyślnie usunięto. HKCU\Software\Mozilla\Firefox\Extensions => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AvgUi => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite => klucz pomyślnie usunięto HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DIMDownloading your update...1300677038363 => klucz pomyślnie usunięto C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\MediaShield => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\Panel sterowania NVIDIA => pomyślnie przeniesiono C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SubtitleCreator => pomyślnie przeniesiono =========== "C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????" ========== nie znaleziono ========= Koniec -> "C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????" 
======== C:\Users\Karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subtitle Workshop\Help => pomyślnie przeniesiono C:\Users\Karol\Documents\Corel\CorelDRAW X5 Samples\target.lnk => pomyślnie przeniesiono C:\Users\Public\Thunder Network => pomyślnie przeniesiono C:\Windows\chromebrowser.exe => pomyślnie przeniesiono C:\Windows\system32\ghn => pomyślnie przeniesiono C:\Windows\SysWOW64\Number of results => pomyślnie przeniesiono C:\Windows\system32\Drivers\etc\hp.bak => pomyślnie przeniesiono C:\Windows\system32\Drivers\cherimoya.sys => pomyślnie przeniesiono C:\Windows\system32\Drivers\TFsFltX64.sys => pomyślnie przeniesiono C:\Windows\system32\Drivers\TSSKX64.sys => pomyślnie przeniesiono C:\Windows\SysWOW64\findit.xml => pomyślnie przeniesiono C:\Windows\SysWOW64\Drivers\TS888x64.sys => pomyślnie przeniesiono ========= ipconfig /flushdns ========= Konfiguracja IP systemu Windows Pomyślnie opróżniono pamięć podręczną programu rozpoznawania nazw DNS. ========= Koniec CMD: ========= ========= netsh advfirewall reset ========= Ok. ========= Koniec CMD: ========= C:\Windows\System32\Drivers\etc\hosts => pomyślnie przeniesiono Hosts pomyślnie przywrócono. EmptyTemp: => 763.5 MB danych tymczasowych Usunięto. System wymagał restartu. ==== Koniec Fixlog 14:49:32 ====